Slack contains an XSLeak vulnerability that de-anonymizes users.

20 October, 2021

Malicious actors can utilise a security flaw in Slack’s file-sharing feature to identify users outside of the workplace chat network.

The vulnerability, known as a cross-site leak (XSLeak), allows attackers to bypass the same-origin policy, a browser security mechanism that prohibits tabs and frames from accessing each other’s data.

